Diffstat (limited to 'libpod')
-rw-r--r--libpod/boltdb_state_internal.go11
-rw-r--r--libpod/container.go13
-rw-r--r--libpod/container_internal_linux.go2
-rw-r--r--libpod/events.go6
-rw-r--r--libpod/info.go9
-rw-r--r--libpod/oci.go4
-rw-r--r--libpod/options.go11
-rw-r--r--libpod/pod_api.go5
-rw-r--r--libpod/runtime.go44
-rw-r--r--libpod/runtime_ctr.go5
-rw-r--r--libpod/runtime_volume_linux.go12
-rw-r--r--libpod/util.go10
-rw-r--r--libpod/util_linux.go21
-rw-r--r--libpod/util_unsupported.go6
14 files changed, 115 insertions, 44 deletions
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index 936ccbf4c..b6a0759b1 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -6,6 +6,7 @@ import (
"strings"
"github.com/boltdb/bolt"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -95,22 +96,26 @@ func checkRuntimeConfig(db *bolt.DB, rt *Runtime) error {
return err
}
+ storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID())
+ if err != nil {
+ return err
+ }
if err := validateDBAgainstConfig(configBkt, "storage temporary directory (runroot)",
rt.config.StorageConfig.RunRoot, runRootKey,
- storage.DefaultStoreOptions.RunRoot); err != nil {
+ storeOpts.RunRoot); err != nil {
return err
}
if err := validateDBAgainstConfig(configBkt, "storage graph root directory (graphroot)",
rt.config.StorageConfig.GraphRoot, graphRootKey,
- storage.DefaultStoreOptions.GraphRoot); err != nil {
+ storeOpts.GraphRoot); err != nil {
return err
}
if err := validateDBAgainstConfig(configBkt, "storage graph driver",
rt.config.StorageConfig.GraphDriverName,
graphDriverKey,
- storage.DefaultStoreOptions.GraphDriverName); err != nil {
+ storeOpts.GraphDriverName); err != nil {
return err
}
diff --git a/libpod/container.go b/libpod/container.go
index 806e75c63..6d80a9bf4 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -17,7 +17,6 @@ import (
"github.com/cri-o/ocicni/pkg/ocicni"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
- "github.com/ulule/deepcopier"
)
// ContainerStatus represents the current state of a container
@@ -407,7 +406,9 @@ func (t ContainerStatus) String() string {
// Config returns the configuration used to create the container
func (c *Container) Config() *ContainerConfig {
returnConfig := new(ContainerConfig)
- deepcopier.Copy(c.config).To(returnConfig)
+ if err := JSONDeepCopy(c.config, returnConfig); err != nil {
+ return nil
+ }
return returnConfig
}
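Review bot: Config() now silently returns nil when JSONDeepCopy fails, and every caller that does `c.Config().Something` will panic with a nil-pointer dereference far from the cause; the old deepcopier path could not fail, so no caller checks for nil. Since the signature is kept, at minimum log the error before `return nil` (logrus if it is imported in this file, which is not visible in the hunk), e.g. `logrus.Errorf("error copying config for container %s: %v", c.ID(), err)`, and say in the doc comment that nil is returned on a copy failure. Spec() in the next hunk has the same shape and needs the same treatment. Longer term this is a case for returning `(*ContainerConfig, error)` like ContainerState() does.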
@@ -417,7 +418,9 @@ func (c *Container) Config() *ContainerConfig {
// spec may differ slightly as mounts are added based on the image
func (c *Container) Spec() *spec.Spec {
returnSpec := new(spec.Spec)
- deepcopier.Copy(c.config.Spec).To(returnSpec)
+ if err := JSONDeepCopy(c.config.Spec, returnSpec); err != nil {
+ return nil
+ }
return returnSpec
}
@@ -1094,7 +1097,9 @@ func (c *Container) ContainerState() (*ContainerState, error) {
}
}
returnConfig := new(ContainerState)
- deepcopier.Copy(c.state).To(returnConfig)
+ if err := JSONDeepCopy(c.state, returnConfig); err != nil {
+ return nil, errors.Wrapf(err, "error copying container %s state", c.ID())
+ }
return c.state, nil
}
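Review bot: The copy made into `returnConfig` is thrown away: the function still ends with `return c.state, nil`, handing the caller a pointer to the runtime's live state object, which defeats the purpose of the deep copy and lets callers mutate container state without the lock. The last line should be `return returnConfig, nil`. This was already wrong before the commit, but since the copy code is being rewritten here it is the right moment to fix it. ContainerState() starts before this hunk.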
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 02f8d6aa4..23de1aa01 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -820,7 +820,7 @@ func (c *Container) makeBindMounts() error {
}
// Add Secret Mounts
- secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.state.DestinationRunDir, c.RootUID(), c.RootGID())
+ secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.state.DestinationRunDir, c.RootUID(), c.RootGID(), rootless.IsRootless())
for _, mount := range secretMounts {
if _, ok := c.state.BindMounts[mount.Destination]; !ok {
c.state.BindMounts[mount.Destination] = mount.Source
diff --git a/libpod/events.go b/libpod/events.go
index 139600982..b6a277789 100644
--- a/libpod/events.go
+++ b/libpod/events.go
@@ -58,6 +58,10 @@ func (v *Volume) newVolumeEvent(status events.Status) {
// Events is a wrapper function for everyone to begin tailing the events log
// with options
func (r *Runtime) Events(fromStart, stream bool, options []events.EventFilter, eventChannel chan *events.Event) error {
+ if !r.valid {
+ return ErrRuntimeStopped
+ }
+
t, err := r.getTail(fromStart, stream)
if err != nil {
return err
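Review bot: The added `if !r.valid` check reads the runtime's validity flag without holding `r.lock`, whereas GetConfig() in runtime.go takes `r.lock.RLock()` before inspecting the same field; a concurrent Shutdown() flipping `valid` races with this read. Wrap the check in the read lock: `r.lock.RLock(); valid := r.valid; r.lock.RUnlock(); if !valid { return ErrRuntimeStopped }`. Whether getTail itself needs the lock cannot be told from here.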
@@ -71,7 +75,7 @@ func (r *Runtime) Events(fromStart, stream bool, options []events.EventFilter, e
case events.Image, events.Volume, events.Pod, events.Container:
// no-op
default:
- return errors.Errorf("event type %s is not valid in %s", event.Type.String(), r.GetConfig().EventsLogFilePath)
+ return errors.Errorf("event type %s is not valid in %s", event.Type.String(), r.config.EventsLogFilePath)
}
include := true
for _, filter := range options {
diff --git a/libpod/info.go b/libpod/info.go
index 62088b730..b42f64a1f 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -13,8 +13,8 @@ import (
"github.com/containers/buildah"
"github.com/containers/libpod/pkg/rootless"
- "github.com/containers/libpod/pkg/util"
"github.com/containers/libpod/utils"
+ "github.com/containers/storage"
"github.com/containers/storage/pkg/system"
"github.com/pkg/errors"
)
@@ -116,12 +116,17 @@ func (r *Runtime) hostInfo() (map[string]interface{}, error) {
func (r *Runtime) storeInfo() (map[string]interface{}, error) {
// lets say storage driver in use, number of images, number of containers
info := map[string]interface{}{}
- info["ConfigFile"] = util.StorageConfigFile()
info["GraphRoot"] = r.store.GraphRoot()
info["RunRoot"] = r.store.RunRoot()
info["GraphDriverName"] = r.store.GraphDriverName()
info["GraphOptions"] = r.store.GraphOptions()
info["VolumePath"] = r.config.VolumePath
+
+ configFile, err := storage.DefaultConfigFile(rootless.IsRootless())
+ if err != nil {
+ return nil, err
+ }
+ info["ConfigFile"] = configFile
statusPairs, err := r.store.Status()
if err != nil {
return nil, err
diff --git a/libpod/oci.go b/libpod/oci.go
index 69cff6d3c..b25175b9d 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -325,8 +325,8 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res
cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3))
cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_STARTPIPE=%d", 4))
cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir))
- cmd.Env = append(cmd.Env, fmt.Sprintf("_LIBPOD_USERNS_CONFIGURED=%s", os.Getenv("_LIBPOD_USERNS_CONFIGURED")))
- cmd.Env = append(cmd.Env, fmt.Sprintf("_LIBPOD_ROOTLESS_UID=%s", os.Getenv("_LIBPOD_ROOTLESS_UID")))
+ cmd.Env = append(cmd.Env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED")))
+ cmd.Env = append(cmd.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%s", os.Getenv("_CONTAINERS_ROOTLESS_UID")))
cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", os.Getenv("HOME")))
if r.reservePorts && !ctr.config.NetMode.IsSlirp4netns() {
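Review bot: The renamed `_CONTAINERS_USERNS_CONFIGURED` and `_CONTAINERS_ROOTLESS_UID` are forwarded with `os.Getenv`, so when they are unset in the parent, conmon (and the runtime it launches) receives them set to an empty string rather than absent. If the consumer in pkg/rootless tests for presence rather than value, that is a behaviour difference; `os.LookupEnv` with a conditional append would forward the variables only when they exist. The names must also match whatever pkg/rootless now exports, which is outside this diff, so a short comment pointing at that package next to these lines would help. createOCIContainer starts before and ends after this hunk.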
diff --git a/libpod/options.go b/libpod/options.go
index 14c21815f..55a0c0999 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -9,6 +9,7 @@ import (
"github.com/containers/image/manifest"
"github.com/containers/libpod/pkg/namespaces"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/storage"
"github.com/containers/storage/pkg/idtools"
"github.com/cri-o/ocicni/pkg/ocicni"
@@ -82,11 +83,15 @@ func WithStorageConfig(config storage.StoreOptions) RuntimeOption {
// or graphdriveroptions are set, then GraphRoot and RunRoot
// must be set
if setField {
+ storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID())
+ if err != nil {
+ return err
+ }
if rt.config.StorageConfig.GraphRoot == "" {
- rt.config.StorageConfig.GraphRoot = storage.DefaultStoreOptions.GraphRoot
+ rt.config.StorageConfig.GraphRoot = storeOpts.GraphRoot
}
if rt.config.StorageConfig.RunRoot == "" {
- rt.config.StorageConfig.RunRoot = storage.DefaultStoreOptions.RunRoot
+ rt.config.StorageConfig.RunRoot = storeOpts.RunRoot
}
}
@@ -925,7 +930,7 @@ func WithNetNS(portMappings []ocicni.PortMapping, postConfigureNetNS bool, netmo
ctr.config.PostConfigureNetNS = postConfigureNetNS
ctr.config.NetMode = namespaces.NetworkMode(netmode)
- ctr.config.CreateNetNS = !ctr.config.NetMode.IsUserDefined()
+ ctr.config.CreateNetNS = true
ctr.config.PortMappings = portMappings
ctr.config.Networks = networks
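Review bot: `ctr.config.CreateNetNS = true` now ignores `netmode` entirely, where before it was false for user-defined networks, and nothing in the hunk or the function's doc comment explains why a namespace is always wanted now; if WithNetNS is ever reached with a host or container-joining mode, a network namespace would be created for it. Add a comment such as `// Always create a network namespace; user-defined CNI networks are attached to it after creation (see PostConfigureNetNS)` if that is the intent, and otherwise keep a guard for the modes that must not get one. WithNetNS starts before and ends after this hunk.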
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index b9a11000e..9a6baf23e 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -6,7 +6,6 @@ import (
"github.com/containers/libpod/libpod/events"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- "github.com/ulule/deepcopier"
)
// Start starts all containers within a pod
@@ -441,7 +440,9 @@ func (p *Pod) Inspect() (*PodInspect, error) {
infraContainerID := p.state.InfraContainerID
config := new(PodConfig)
- deepcopier.Copy(p.config).To(config)
+ if err := JSONDeepCopy(p.config, config); err != nil {
+ return nil, err
+ }
inspectData := PodInspect{
Config: config,
State: &PodInspectState{
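Review bot: The JSONDeepCopy failure in Inspect() is returned without context, unlike the container-side equivalents in this commit which wrap with the object ID ("error copying container %s state"). `return nil, errors.Wrapf(err, "error copying pod %s config", p.ID())` keeps the error messages uniform; `errors` is imported at the top of this file. Inspect() starts before and ends after this hunk.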
diff --git a/libpod/runtime.go b/libpod/runtime.go
index b3b75d791..f7b166513 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -23,7 +23,6 @@ import (
"github.com/docker/docker/pkg/namesgenerator"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- "github.com/ulule/deepcopier"
)
// RuntimeStateStore is a constant indicating which state store implementation
@@ -249,11 +248,16 @@ type runtimeConfiguredFrom struct {
noPivotRoot bool
}
-var (
- defaultRuntimeConfig = RuntimeConfig{
+func defaultRuntimeConfig() (RuntimeConfig, error) {
+ storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID())
+ if err != nil {
+ return RuntimeConfig{}, err
+ }
+
+ return RuntimeConfig{
// Leave this empty so containers/storage will use its defaults
StorageConfig: storage.StoreOptions{},
- VolumePath: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "volumes"),
+ VolumePath: filepath.Join(storeOpts.GraphRoot, "volumes"),
ImageDefaultTransport: DefaultTransport,
StateType: BoltDBStateStore,
OCIRuntime: "runc",
@@ -282,7 +286,7 @@ var (
},
InitPath: DefaultInitPath,
CgroupManager: SystemdCgroupsManager,
- StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"),
+ StaticDir: filepath.Join(storeOpts.GraphRoot, "libpod"),
TmpDir: "",
MaxLogSize: -1,
NoPivotRoot: false,
@@ -293,8 +297,8 @@ var (
EnablePortReservation: true,
EnableLabeling: true,
NumLocks: 2048,
- }
-)
+ }, nil
+}
func getDefaultTmpDir() (string, error) {
if !rootless.IsRootless() {
@@ -355,10 +359,17 @@ func newRuntimeFromConfig(userConfigPath string, options ...RuntimeOption) (runt
if err != nil {
return nil, err
}
- deepcopier.Copy(defaultRuntimeConfig).To(runtime.config)
+
+ defRunConf, err := defaultRuntimeConfig()
+ if err != nil {
+ return nil, err
+ }
+ if err := JSONDeepCopy(defRunConf, runtime.config); err != nil {
+ return nil, errors.Wrapf(err, "error copying runtime default config")
+ }
runtime.config.TmpDir = tmpDir
- storageConf, err := util.GetDefaultStoreOptions()
+ storageConf, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID())
if err != nil {
return nil, errors.Wrapf(err, "error retrieving storage config")
}
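Review bot: Replacing deepcopier with a JSON round-trip for RuntimeConfig changes what gets copied: any unexported field, any field tagged `json:"-"`, and any field with an `omitempty` zero value is dropped or reset, and nil-versus-empty slices and maps are not preserved. RuntimeConfig is declared outside this hunk so I cannot confirm it is JSON-clean; worth checking that every default set in defaultRuntimeConfig() survives the copy, or simply assigning the struct value (`*runtime.config = defRunConf`) since RuntimeConfig is returned by value here anyway. Separately, `storage.DefaultStoreOptions(...)` is now evaluated twice in this path, once inside defaultRuntimeConfig() and again at the bottom of the hunk, so the two may disagree if the environment changes between calls. newRuntimeFromConfig starts before and ends after this hunk.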
@@ -507,7 +518,10 @@ func newRuntimeFromConfig(userConfigPath string, options ...RuntimeOption) (runt
}
if rootlessConfigPath != "" {
// storage.conf
- storageConfFile := util.StorageConfigFile()
+ storageConfFile, err := storage.DefaultConfigFile(rootless.IsRootless())
+ if err != nil {
+ return nil, err
+ }
if _, err := os.Stat(storageConfFile); os.IsNotExist(err) {
if err := util.WriteStorageConfigFile(&runtime.config.StorageConfig, storageConfFile); err != nil {
return nil, errors.Wrapf(err, "cannot write config file %s", storageConfFile)
@@ -923,20 +937,22 @@ func makeRuntime(runtime *Runtime) (err error) {
}
// GetConfig returns a copy of the configuration used by the runtime
-func (r *Runtime) GetConfig() *RuntimeConfig {
+func (r *Runtime) GetConfig() (*RuntimeConfig, error) {
r.lock.RLock()
defer r.lock.RUnlock()
if !r.valid {
- return nil
+ return nil, ErrRuntimeStopped
}
config := new(RuntimeConfig)
// Copy so the caller won't be able to modify the actual config
- deepcopier.Copy(r.config).To(config)
+ if err := JSONDeepCopy(r.config, config); err != nil {
+ return nil, errors.Wrapf(err, "error copying config")
+ }
- return config
+ return config, nil
}
// Shutdown shuts down the runtime and associated containers and storage
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index f23dc86dd..7c39d8ced 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -19,7 +19,6 @@ import (
opentracing "github.com/opentracing/opentracing-go"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
- "github.com/ulule/deepcopier"
)
// CtrRemoveTimeout is the default number of seconds to wait after stopping a container
@@ -63,7 +62,9 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options ..
ctr.config.ID = stringid.GenerateNonCryptoID()
ctr.config.Spec = new(spec.Spec)
- deepcopier.Copy(rSpec).To(ctr.config.Spec)
+ if err := JSONDeepCopy(rSpec, ctr.config.Spec); err != nil {
+ return nil, errors.Wrapf(err, "error copying runtime spec while creating container")
+ }
ctr.config.CreatedTime = time.Now()
ctr.config.ShmSize = DefaultShmSize
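Review bot: If `rSpec` is nil, `json.Marshal` yields `null` and `json.Unmarshal` of `null` into `ctr.config.Spec` is a silent no-op, so a container would be created with an empty spec and no error; whether the old deepcopier call tolerated nil is not visible. A guard `if rSpec == nil { return nil, errors.Wrapf(ErrInvalidArg, "must provide a valid runtime spec to create container") }` ahead of the copy makes the failure explicit (ErrInvalidArg presumed to exist in this package; adjust to the local sentinel). newContainer starts before and ends after this hunk.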
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index b51bb8213..5767a99e7 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -10,7 +10,6 @@ import (
"github.com/containers/libpod/libpod/events"
"github.com/containers/storage/pkg/stringid"
- "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -56,15 +55,8 @@ func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption)
if err := os.MkdirAll(fullVolPath, 0755); err != nil {
return nil, errors.Wrapf(err, "error creating volume directory %q", fullVolPath)
}
- _, mountLabel, err := label.InitLabels([]string{})
- if err != nil {
- return nil, errors.Wrapf(err, "error getting default mountlabels")
- }
- if err := label.ReleaseLabel(mountLabel); err != nil {
- return nil, errors.Wrapf(err, "error releasing label %q", mountLabel)
- }
- if err := label.Relabel(fullVolPath, mountLabel, true); err != nil {
- return nil, errors.Wrapf(err, "error setting selinux label to %q", fullVolPath)
+ if err := LabelVolumePath(fullVolPath, true); err != nil {
+ return nil, err
}
volume.config.MountPoint = fullVolPath
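Review bot: The new helper takes a `shared` parameter but this call hard-codes `true`, and nothing explains the choice; for a reader this is the difference between the volume being readable by every container (shared, no MCS categories) and by a single one. A comment above the call such as `// Volumes are labelled shared so any container may mount them; per-container private labels are not supported for named volumes` records the intent. The directory created by `os.MkdirAll` just above is left behind if LabelVolumePath fails; whether something later removes it is outside the hunk. newVolume starts before and ends after this hunk.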
diff --git a/libpod/util.go b/libpod/util.go
index b7578135a..7e2dff21a 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -187,3 +187,13 @@ func validPodNSOption(p *Pod, ctrPod string) error {
}
return nil
}
+
+// JSONDeepCopy performs a deep copy by performing a JSON encode/decode of the
+// given structures. From and To should be identically typed structs.
+func JSONDeepCopy(from, to interface{}) error {
+ tmp, err := json.Marshal(from)
+ if err != nil {
+ return err
+ }
+ return json.Unmarshal(tmp, to)
+}
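Review bot: JSONDeepCopy's doc comment should state the fidelity limits of a JSON round-trip, since the commit swaps it in for a reflective deep copy everywhere: unexported fields and `json:"-"` fields are not copied, `omitempty` fields at their zero value come back zero, nil and empty slices/maps are not distinguished, `interface{}` fields decode to `map[string]interface{}`/`float64`, and `to` must be a non-nil pointer or Unmarshal returns an InvalidUnmarshalError. A two-line addition like `// Only exported, JSON-serialisable fields are copied; unexported and json:"-" fields are lost.` and `// to must be a non-nil pointer to the same type as from.` would save the next caller a debugging session.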
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 30e2538c3..a801df2ee 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -9,6 +9,7 @@ import (
"github.com/containerd/cgroups"
"github.com/containers/libpod/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -91,3 +92,23 @@ func GetV1CGroups(excludes []string) cgroups.Hierarchy {
return filtered, nil
}
}
+
+// LabelVolumePath takes a mount path for a volume and gives it an
+// selinux label of either shared or not
+func LabelVolumePath(path string, shared bool) error {
+ _, mountLabel, err := label.InitLabels([]string{})
+ if err != nil {
+ return errors.Wrapf(err, "error getting default mountlabels")
+ }
+ if err := label.ReleaseLabel(mountLabel); err != nil {
+ return errors.Wrapf(err, "error releasing label %q", mountLabel)
+ }
+ if err := label.Relabel(path, mountLabel, shared); err != nil {
+ permString := "private"
+ if shared {
+ permString = "shared"
+ }
+ return errors.Wrapf(err, "error setting selinux label for %s to %q as %s", path, mountLabel, permString)
+ }
+ return nil
+}
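Review bot: LabelVolumePath obtains a fresh MCS label from `label.InitLabels`, immediately releases it, and then applies it; if my reading of go-selinux is right, `label.Relabel` only strips the MCS categories when `shared` is true, so a caller passing `shared=false` would label the path with categories that have just been returned to the pool, leaving the volume either unreadable by any container or readable by whichever container is later allocated the same pair. Either document that `shared=false` is not meaningful with this implementation (`// NOTE: shared=false still uses a released MCS label; private volumes need the owning container's label instead`), or take the caller's mount label as a parameter and drop the InitLabels/ReleaseLabel dance. The function also does not check that `path` exists before relabelling, which is fine for the current caller but worth a comment.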
diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go
index d598b465f..940006e69 100644
--- a/libpod/util_unsupported.go
+++ b/libpod/util_unsupported.go
@@ -21,3 +21,9 @@ func deleteSystemdCgroup(path string) error {
func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
return "", errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes")
}
+
+// LabelVolumePath takes a mount path for a volume and gives it an
+// selinux label of either shared or not
+func LabelVolumePath(path string, shared bool) error {
+ return ErrNotImplemented
+}